Overview

Graphcool offers a very flexible authentication system that's based on functions.

In general, Graphcool allows you to specify that some of your available API operations require authentication. This effectively means that the HTTP request that's carrying the operation needs to have a valid authentication token in its Authorization header. If that's not the case, the request will fail with a permission error.

To authenticate requests from your users, you need to generate a node token for them. A node token always needs to be associated with one particular node from your database.